US8850009B2 · Expired · Utility · PatentIndex 84

System and method employing an agile network protocol for secure communications using secure domain names

Assignee: VIRNETX INC
Priority: Oct 30, 1998
Filed: Jun 6, 2013
Granted: Sep 30, 2014
Est. expiry: Oct 30, 2018 (expired) · nominal 20-yr term from priority
Inventors: LARSON VICTOR; SHORT III ROBERT DUNHAM; MUNGER EDMUND COLBY; WILLIAMSON MICHAEL
CPC classifications: H04L 45/00, H04L 63/0485, H04L 2101/30, H04L 2101/604, H04L 61/5007, H04L 61/30, H04L 61/5076, H04L 61/5092, H04L 61/35, H04L 61/4511, H04L 63/08, H04L 63/0876, H04L 63/04, H04L 63/1408, H04L 67/14, H04L 63/0428, H04L 63/105, H04L 67/141, H04L 45/24, H04L 63/0227, H04L 63/0435, H04L 63/1458, H04L 63/0478, G06F 21/606, H04L 45/28, H04L 63/1416, H04L 63/0407, H04L 63/0421, H04L 12/4641, H04L 63/164, H04L 61/3015, G06F 16/951, H04L 63/1466, H04L 63/0272, H04L 63/168, H04L 29/1232, H04L 61/6004, H04L 61/2092, H04L 61/2076, H04L 29/12594, H04L 61/2007, H04L 29/12783, H04L 29/12301, H04L 29/12801, H04L 61/303, H04L 29/12216, H04L 29/12066, H04L 41/00, H04L 61/1511
PatentIndex Score: 84 · Cited by: 4 · References: 2,529 · Claims: 25

Abstract

A network device comprises a storage device storing an application program for a secure communications service; and at least one processor configured to execute the application program enabling the network device to: (a) send a request to look up a network address of a second network device based on an identifier; (b) receive an indication that the second network device is available for the secure communications service, the indication including the requested network address of the second network device and provisioning information for a secure communication link; (c) connect to the second network device over the secure communication link, using the received network address of the second network device and the provisioning information for the secure communication link; and (d) communicate at least one of video data and audio data with the second network device using the secure communications service via the secure communication link.
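The flow the abstract describes (a DNS lookup that is intercepted, an availability indication returned together with the address and provisioning information, then a link whose packets carry values varying by a pseudo-random sequence, as in claims 1, 9 and 12) modelled as an added example; this is not VirnetX's implementation, the domain table and addresses are constructed sample data, and payload encryption is omitted so that only the interception decision and the per-packet sequence check are shown.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed sample data: names the intercepting resolver treats as secure domain
# names versus ordinary names that get a plain answer. (assumption, not patent text)
SECURE_DOMAINS = {"video.secure.example": "203.0.113.10"}
PUBLIC_DOMAINS = {"www.example.com": "198.51.100.5"}


@dataclass
class Provisioning:
    address: str
    key: bytes  # per-link secret that seeds the pseudo-random per-packet values


def intercept_dns(name: str, key: Optional[bytes] = None) -> Tuple[bool, Optional[str], Optional[Provisioning]]:
    """Model of the interception step: the resolver receives the DNS request and
    decides whether the target offers the secure service. Returns (indication,
    address, provisioning); a plain name gets its address but no provisioning."""
    if name in SECURE_DOMAINS:
        addr = SECURE_DOMAINS[name]
        return True, addr, Provisioning(addr, key or secrets.token_bytes(16))
    if name in PUBLIC_DOMAINS:
        return False, PUBLIC_DOMAINS[name], None
    return False, None, None  # unknown name: NXDOMAIN equivalent


def packet_tag(key: bytes, seq: int) -> bytes:
    """Value inserted into each packet; it varies per packet according to a keyed
    pseudo-random sequence that only holders of the provisioning key can follow."""
    return hmac.new(key, seq.to_bytes(8, "big"), hashlib.sha256).digest()[:4]


class SecureLink:
    """One end of the provisioned link: tags outgoing packets and drops incoming
    packets whose tag does not match the next expected value in the sequence."""

    def __init__(self, prov: Provisioning) -> None:
        self.key, self.send_seq, self.recv_seq = prov.key, 0, 0

    def send(self, payload: bytes) -> bytes:
        tag = packet_tag(self.key, self.send_seq)
        self.send_seq += 1
        return tag + payload

    def receive(self, packet: bytes) -> Optional[bytes]:
        if not hmac.compare_digest(packet[:4], packet_tag(self.key, self.recv_seq)):
            return None  # off-sequence or replayed packet: discard
        self.recv_seq += 1
        return packet[4:]


def client_connect(name: str, resolver=intercept_dns):
    """Client side of claim 1: connect over the provisioned link only when the
    lookup came back with the availability indication; otherwise no secure link."""
    available, address, prov = resolver(name)
    return (address, SecureLink(prov)) if available else None
```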

Claims

exact text as granted — not AI-modified
What is claimed is:

1. A network device, comprising:
a storage device storing an application program for a secure communications service; and
at least one processor configured to execute the application program for the secure communications service so as to enable the network device to:
send a domain name service (DNS) request to look up a network address of a second network device based on an identifier associated with the second network device;
receive, following interception of the DNS request and a determination that the second network device is available for the secure communications service: (1) an indication that the second network device is available for the secure communications service, (2) the requested network address of the second network device, and (3) provisioning information for an encrypted communication link;
connect to the second network device over the encrypted communication link, using the received network address of the second network device and the provisioning information for the encrypted communication link; and
communicate data with the second network device using the secure communications service via the encrypted communication link,
the network device being a device at which a user uses the secure communications service to access the encrypted communication link.

2. The network device of claim 1, wherein the secure communications service includes an audio-video conferencing service, and the at least one processor is configured to execute the application program to communicate at least one of encrypted video data and audio data with the second network device via the encrypted communication link using the secure communications service.

3. The network device of claim 1, wherein the secure communications service includes a telephony service.

4. The system of claim 3, wherein the telephony service uses modulation.

5. The network device of claim 4, wherein the modulation is based on one of frequency-division multiplexing (FDM), time-division multiplexing (TDM), or code division multiple access (CDMA).

6. The network device of claim 1, wherein the network device is a mobile device.

7. The network device of claim 1, wherein the identifier associated with the second network device is a domain name.

8. The network device of claim 1, wherein the encrypted communication link is part of a virtual private network communication link.

9. The network device of claim 1, wherein the virtual private network communication link is based on inserting into each data packet communicated over the virtual private network communication link one or more data values that vary according to a pseudo-random sequence.

10. The network device of claim 1, wherein the indication that the second network device is available for the secure communications service is a function of the result of a domain name lookup.

11. The network device of claim 1, wherein the encrypted communication link is an end-to-end link extending from the network device to the second network device.

12. The network device of claim 1, wherein the interception of the DNS request consists of receiving the DNS request to determine that the second network device is available for the secure communications service.

13. The network device of claim 1, wherein the interception of the DNS request occurs at another network device that is separate from the network device.

14. A method executed by a first network device for communicating with a second network device, the method comprising:
sending a domain name service (DNS) request to look up a network address of a second network device based on an identifier associated with the second network device;
receiving, following interception of the DNS request and a determination that the second network device is available for a secure communications service: (1) an indication that the second network device is available for the secure communications service, (2) the requested network address of the second network device, and (3) provisioning information for an encrypted communication link;
connecting to the second network device over the encrypted communication link, using the received network address of the second network device and the provisioning information for the encrypted communication link; and
communicating data with the second network device using the secure communications service via the encrypted communication link,
the first network device being a device at which a user uses the secure communications service to access the encrypted communication link.

15. The method of claim 14, wherein the secure communications service includes a video conferencing service, and communicating includes communicating at least one of encrypted video data and audio data with the second network device via the encrypted communication link using the secure communications service.

16. The method of claim 14, wherein the secure communications service includes a telephony service.

17. The method of claim 14, wherein the telephony service uses modulation.

18. The method of claim 17, wherein the modulation is based on one of frequency-division multiplexing (FDM), time-division multiplexing (TDM), or code division multiple access (CDMA).

19. The method of claim 14, wherein the network device is a mobile device.

20. The method of claim 14, wherein the identifier associated with the second network device is a domain name.

21. The method of claim 14, wherein the encrypted communication link is part of a virtual private network communication link, and communicating with the second network device using the secure communications service includes inserting into data packets communicated over the virtual private network communication link one or more data values that vary according to a pseudo-random sequence.

22. The method of claim 14, wherein the indication that the second network device is available for a secure communications service is a function of a domain name lookup.

23. The method of claim 14, wherein the encrypted communication link is an end-to-end link extending from the first network device to the second network device.

24. The method of claim 14, wherein the intercepting the DNS request consists of receiving the DNS request to determine that the second network device is available for the secure communications service.

25. The method of claim 14, wherein the intercepting the DNS request occurs at another network device that is separate from the first network device.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.